Multiple Vulnerabilities in Fortinet Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for arbitrary code execution. The products affected by vulnerabilities in this round of monthly Fortinet patches are:


  • FortiADC is an application delivery controller (ADC) from Fortinet that enhances application availability, performance, and security. It offers features like load balancing, SSL/TLS offloading, web application firewalls (WAF), and global server load balancing (GSLB).
  • FortiAnalyzer is a log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack landscape.
  • FortiClient Endpoint Management Server (EMS) is a centralized platform for managing and deploying FortiClient software on endpoints, providing visibility, policy enforcement, and compliance management for organizations using FortiClient for endpoint security. 
  • FortiCamera is a suite of smart, network-based video surveillance solutions offered by Fortinet.
  • FortiManager is a comprehensive network management solution designed to streamline the administration, configuration, and monitoring of Fortinet devices across complex network environments.
  • FortiOS is Fortinet's proprietary operating system, which is utilized across multiple product lines.
  • FortiNDR is Fortinet's network detection and response (NDR) solution, which uses file-based analytics and AI to detect suspicious network activity.
  • FortiProxy is a secure web proxy solution that enhances network security by filtering web traffic and providing advanced threat protection.
  • FortiSIEM is a highly scalable, multi-tenant Security Information and Event Management (SIEM) solution that provides real-time infrastructure and user awareness for accurate threat detection, analysis, and reporting.
  • FortiSwitch Manager enables network administrators to cut through the complexities of non-FortiGate-managed FortiSwitch deployments.
  • FortiVoice is a robust communication solution that integrates voice, conferencing, and messaging services to enhance business collaboration and productivity.
  • FortiWeb is a web application firewall (WAF) that protects web applications and APIs from attacks that target known and unknown exploits and helps maintain compliance with regulations.


Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read more... Cyber Security Advisories - MS-ISAC